CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

299 matches found

Vulnrichment•added 2024/05/03 2:10 a.m.•11 views

CVE-2023-39472 Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information Disclosure Vulnerability

Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Inductive Automation Ignition. Authentication is required to exploit this...

6.5CVSS6.2AI score0.00534EPSS

Exploits0References1

Cvelist•added 2024/05/03 2:10 a.m.•15 views

CVE-2023-39473 Inductive Automation Ignition AbstractGatewayFunction Deserialization of Untrusted Data Remote Code Execution Vulnerability

Inductive Automation Ignition AbstractGatewayFunction Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this...

8.8CVSS9.2AI score0.29897EPSS

Exploits0References1

Cvelist•added 2024/05/03 2:10 a.m.•19 views

CVE-2023-39472 Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information Disclosure Vulnerability

6.5CVSS6.4AI score0.00534EPSS

Exploits0References1

Vulnrichment•added 2024/05/03 1:59 a.m.•14 views

CVE-2023-38124 Inductive Automation Ignition OPC UA Quick Client Task Scheduling Exposed Dangerous Function Remote Code Execution Vulnerability

Inductive Automation Ignition OPC UA Quick Client Task Scheduling Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit...

7.2CVSS8AI score0.53761EPSS

Exploits0References2

CVE•added 2024/05/03 1:59 a.m.•58 views

CVE-2023-38124

CVE-2023-38124 affects Inductive Automation Ignition Gateway/OPC UA Quick Client Task Scheduling. The flaw stems from exposing a dangerous function in the Ignition Gateway server, allowing remote attackers to execute code with SYSTEM privileges after authenticating. Documents consistently describ...

8.8CVSS7.5AI score0.53761EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2024/05/03 1:59 a.m.•14 views

CVE-2023-38122 Inductive Automation Ignition OPC UA Quick Client Permissive Cross-domain Policy Remote Code Execution Vulnerability

Inductive Automation Ignition OPC UA Quick Client Permissive Cross-domain Policy Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Although authentication is required to exploit thi...

7.2CVSS7.9AI score0.00565EPSS

Exploits0References2

Vulnrichment•added 2024/05/03 1:59 a.m.•18 views

CVE-2023-38123 Inductive Automation Ignition OPC UA Quick Client Missing Authentication for Critical Function Authentication Bypass Vulnerability

Inductive Automation Ignition OPC UA Quick Client Missing Authentication for Critical Function Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition. User interaction is required to explo...

7.5CVSS6.9AI score0.00299EPSS

Exploits0References2

CVE•added 2024/05/03 1:59 a.m.•58 views

CVE-2023-38122

CVE-2023-38122 affects Inductive Automation Ignition OPC UA Quick Client. The flaw is in the web server configuration, arising from missing Content Security Policy headers, enabling a cross-domain policy that can lead to remote code execution. Authentication is required to exploit, but the authen...

7.2CVSS7.5AI score0.00565EPSS

Exploits0References2Affected Software1

Cvelist•added 2024/05/03 1:59 a.m.•13 views

CVE-2023-38123 Inductive Automation Ignition OPC UA Quick Client Missing Authentication for Critical Function Authentication Bypass Vulnerability

7.5CVSS7.9AI score0.00299EPSS

Exploits0References2

CVE•added 2024/05/03 1:59 a.m.•59 views

CVE-2023-38123

Inductive Automation Ignition OPC UA Quick Client contains an authentication bypass in the server configuration that controls access to password-change functionality. The vulnerability allows remote attackers to bypass authentication after the user visits a malicious page or opens a malicious fil...

8.8CVSS7.7AI score0.00299EPSS

Exploits0References2Affected Software1

Cvelist•added 2024/05/03 1:59 a.m.•21 views

CVE-2023-38122 Inductive Automation Ignition OPC UA Quick Client Permissive Cross-domain Policy Remote Code Execution Vulnerability

7.2CVSS7.7AI score0.00565EPSS

Exploits0References2

CVE•added 2024/05/03 1:59 a.m.•62 views

CVE-2023-38121

CVE-2023-38121 affects Inductive Automation Ignition (OPC UA Quick Client). The vulnerability stems from improper validation of the id parameter in the web interface, enabling cross-site scripting that can lead to remote code execution with SYSTEM privileges. Exploitation requires user interactio...

9CVSS8.2AI score0.01727EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2024/05/03 1:59 a.m.•16 views

CVE-2023-38121 Inductive Automation Ignition OPC UA Quick Client Cross-Site Scripting Remote Code Execution Vulnerability

Inductive Automation Ignition OPC UA Quick Client Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability i...

8.3CVSS7.2AI score0.01727EPSS

Exploits0References2

Cvelist•added 2024/05/03 1:59 a.m.•11 views

CVE-2023-38121 Inductive Automation Ignition OPC UA Quick Client Cross-Site Scripting Remote Code Execution Vulnerability

8.3CVSS8.4AI score0.01727EPSS

Exploits0References2